Handle IKEv1 NAT-T vendor ID payload (only RFC 3947 for now).
authorTobias Brunner <tobias@strongswan.org>
Tue, 29 Nov 2011 13:26:52 +0000 (14:26 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:31:10 +0000 (17:31 +0100)
src/libcharon/sa/ike_sa.h
src/libcharon/sa/tasks/ike_vendor_v1.c

index 882de41..bc3544f 100644 (file)
@@ -69,7 +69,7 @@ typedef struct ike_sa_t ike_sa_t;
 enum ike_extension_t {
 
        /**
-        * peer supports NAT traversal as specified in RFC4306
+        * peer supports NAT traversal as specified in RFC4306 or RFC3947
         */
        EXT_NATT = (1<<0),
 
index bf857a3..450c5b2 100644 (file)
@@ -41,11 +41,23 @@ struct private_ike_vendor_v1_t {
        bool initiator;
 };
 
+/**
+ * Indicate support for XAuth, MD5("draft-ietf-ipsra-isakmp-xauth-06.txt")
+ * Truncated to the first half.
+ */
 static chunk_t xauth6_vid = chunk_from_chars(
        0x09,0x00,0x26,0x89,0xdf,0xd6,0xb7,0x12
 );
 
 /**
+ * Indicate support for NAT-Traversal, MD5("RFC 3947")
+ */
+static chunk_t natt_vid = chunk_from_chars(
+       0x4a,0x13,0x1c,0x81,0x07,0x03,0x58,0x45,
+       0x5c,0x57,0x28,0xf2,0x0e,0x95,0x45,0x2f
+);
+
+/**
  * strongSwan specific vendor ID without version, MD5("strongSwan")
  */
 static chunk_t strongswan_vid = chunk_from_chars(
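Review bot: The doc comment on `natt_vid` does not record the limitation given in the commit title, namely that only the final RFC 3947 vendor ID is matched and the earlier NAT-T draft IDs are not. A peer that announces only a draft ID would presumably end up in the unknown-vendor-id branch of `process`, leaving NAT-T disabled, and nothing in the code explains why. I would extend the comment to something like `Indicate support for NAT-Traversal, MD5("RFC 3947"); draft versions are not recognized yet`. The `strongswan_vid` definition that follows continues outside the hunk.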
@@ -76,6 +88,7 @@ METHOD(task_t, build, status_t,
        }
 
        add_vendor_id(this, message, xauth6_vid);
+       add_vendor_id(this, message, natt_vid);
 
        return this->initiator ? NEED_MORE : SUCCESS;
 }
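Review bot: `add_vendor_id(this, message, natt_vid)` is called unconditionally, so every first message now advertises RFC 3947 support with no visible check that NAT traversal is enabled or that the rest of the negotiation is implemented. Peers that see this ID will go on to exchange NAT-D payloads, and whether those are handled is not visible in this commit, so the advertisement may be ahead of the implementation. If so, a short comment such as `/* NAT-D handling follows in a later change */` above the call, or gating the call on a setting, would make the intent explicit. The start of `build` lies outside the hunk.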
@@ -107,6 +120,11 @@ METHOD(task_t, process, status_t,
                                DBG1(DBG_IKE, "received XAuth vendor id");
                                this->ike_sa->enable_extension(this->ike_sa, EXT_XAUTH);
                        }
+                       else if (chunk_equals(data, natt_vid))
+                       {
+                               DBG1(DBG_IKE, "received NAT-T vendor id");
+                               this->ike_sa->enable_extension(this->ike_sa, EXT_NATT);
+                       }
                        else
                        {
                                DBG1(DBG_ENC, "received unknown vendor id: %#B", &data);
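Review bot: The new branch sets `EXT_NATT` purely from a received vendor ID payload, and in IKEv1 Phase 1 those payloads are not covered by HASH_I/HASH_R, so they can be added or stripped in transit without the exchange failing authentication. That is how RFC 3947 detection is specified, but code that reads the flag later should treat it as a negotiation hint and not as an authenticated statement about the peer. I would add a comment above the branch, e.g. `/* VID is unauthenticated: EXT_NATT only enables NAT-D processing */`, with the wording adjusted to what the consumers of the flag actually do. The enclosing loop and the rest of `process` lie outside the hunk.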